diff options
-rw-r--r-- | dev-lang/python/Manifest | 2 | ||||
-rw-r--r-- | dev-lang/python/files/3.4-getentropy-linux.patch | 40 | ||||
-rw-r--r-- | dev-lang/python/files/3.6-disable-nis.patch | 25 | ||||
-rw-r--r-- | dev-lang/python/files/python-3.4.10-openssl11.patch | 894 | ||||
-rw-r--r-- | dev-lang/python/files/python-3.4.5-cross.patch | 11 | ||||
-rw-r--r-- | dev-lang/python/files/python-3.5.5-hash-unaligned.patch | 48 | ||||
-rw-r--r-- | dev-lang/python/python-3.4.10.ebuild | 173 |
7 files changed, 80 insertions, 1113 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest index 39ffe3c..17ea2a0 100644 --- a/dev-lang/python/Manifest +++ b/dev-lang/python/Manifest @@ -3,5 +3,5 @@ DIST Python-3.2.6.tar.xz 9243292 SHA256 1d12b501819fd26afafbf8459be1aa279b56f032 DIST Python-3.3.5.tar.xz 12116308 SHA256 abe99b484434503d8b23be0f243ec27139e743a4798cd71c1dce3cf40e63b6e5 SHA512 562ebd85291f29ff18d37f05682763fc45aa9d070688006f4ef5c89392a48022357c3ca9ee1d795e9e863bdef413e6bab77b8d65581d374a76dbe7cacec65550 WHIRLPOOL f4b6010d32b28b7bb038cbb7c5f98d325cc4253fd1be9a0a1089ed6fd7dd414c5169931d21ef819137d5c1084517a650828f260cf2a1d8ce871bc67aeef3fff8 DIST Python-3.4.10.tar.xz 14559088 SHA256 d46a8f6fe91679e199c671b1b0a30aaf172d2acb5bcab25beb35f16c3d195b4e SHA512 d5d27d68049b61f135e21b12a800dbd4fc521d6935de178de6e2e88a989cda511d3c8fead90d14e38d2db0e528a74b22674e0da01c51ff4fad7d335ec6c3dbbc WHIRLPOOL 84608931cd785eddd234d207be2caa273575067d7687a0ed05217e2f2ae410da684fcf5ed65cfa17dd8eda082844bb4067cdcb4a277ceb20845ffa9f3baa6f58 DIST Python-3.5.9.tar.xz 15388876 SHA256 c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 SHA512 58127793adef42ed57ae4d56338268866e14c2d084f09f57f26fc6b1c9454e70cc6d3dffc638f8d56f182acc0884021a4dbb578f312dd6fc01995fa85e31377e WHIRLPOOL 16f4a6938ed1004cbb10a9b60621d70f8e52a36771fbb55cf5fb3211ad98daa2c9cf181789c226d51c4f65cefce056dfff73031f61c1ce35e96e24bd2db186b3 -DIST python-gentoo-patches-3.4.6-0.tar.xz 11728 SHA256 93e7c8487deefc36c612403fb6c82e495c46846a1952f9ed85f82af41840be4a SHA512 41c22dc8f1db8800fc0b97eed2b27bf1873e5de1369bd4aecf7a7a91e609a78e45a4b56fc89d575317f33a7704c0c1cad1494e8a993415a198f256e8338f49ab WHIRLPOOL 851945e7ccea985a88bcbd71bc404bc34c27a0e335386e9ed15fa9876aab3285ff559936fb2dcadf7ac0594a7cb03ac3a9e4135b67b350c5fdf33e9a44ca0654 +DIST python-gentoo-patches-3.4.10.tar.xz 21340 SHA256 12d291ac445fe76bcb5e391de7f88308b2509a27e05b7559c6a1a6636b0f74c5 SHA512 27ee476c080a0d1c012ef5d3d8325db6e697e1c3d9611f0337668f3660a50e50e6529bd0fd8b3b5b6030c9be8f8a86d95fa59bc27085ce7d18a7e0b50afe9f4b WHIRLPOOL 81cd55b8696026a8832ae1e89f2ff137ff1b20c5d675a148b4a1e3bd761d938c5a67e36284377cfa4850381f4f3c451f4d7dbc309dbd0390ecdc62c6edcd1f25 DIST python-gentoo-patches-3.5.9.tar.xz 13548 SHA256 97d1252935e398a31ed3634f50b70ed17b38bd8c5ea10fad601912ca58fdee5f SHA512 def5435a315e58d3794d8bce8fb04105a36ff37bd90a437cf7588a0c0ec8d420af5b68009ab153823286e71e52056e12a0eba4dc4d958eeb8d6b914b24f0de81 WHIRLPOOL 139ffbd3aa2ca349f1b8254d7326942111b448d2b2c8649a37550fb1f5095fed488c0a2748120a8b39b514502b25ac9fcc9bf2130da7927e19d11e8fd649ade8 diff --git a/dev-lang/python/files/3.4-getentropy-linux.patch b/dev-lang/python/files/3.4-getentropy-linux.patch deleted file mode 100644 index 9f12389..0000000 --- a/dev-lang/python/files/3.4-getentropy-linux.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. ---- - Python/random.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index af3d0bd0d5..dc6400d3b8 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - return 0; - } - --/* Issue #25003: Don' use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+/* Issue #25003: Don't use getentropy() on Solaris (available since -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). --- -2.15.0.rc2 - diff --git a/dev-lang/python/files/3.6-disable-nis.patch b/dev-lang/python/files/3.6-disable-nis.patch deleted file mode 100644 index ccfb890..0000000 --- a/dev-lang/python/files/3.6-disable-nis.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2ed81ae3d36c2e0dd709240169fdccd6b3cd1a27 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Wed, 4 Jul 2018 11:39:21 -0400 -Subject: [PATCH 7/8] Disable nis ---- a/setup.py -+++ b/setup.py -@@ -1332,17 +1332,7 @@ class PyBuildExt(build_ext): - # Jeremy Hylton's rlimit interface - exts.append( Extension('resource', ['resource.c']) ) - -- # Sun yellow pages. Some systems have the functions in libc. -- if (host_platform not in ['cygwin', 'qnx6'] and -- find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None): -- if (self.compiler.find_library_file(lib_dirs, 'nsl')): -- libs = ['nsl'] -- else: -- libs = [] -- exts.append( Extension('nis', ['nismodule.c'], -- libraries = libs) ) -- else: -- missing.append('nis') -+ missing.append('nis') - else: - missing.extend(['nis', 'resource', 'termios']) - diff --git a/dev-lang/python/files/python-3.4.10-openssl11.patch b/dev-lang/python/files/python-3.4.10-openssl11.patch deleted file mode 100644 index f5fe537..0000000 --- a/dev-lang/python/files/python-3.4.10-openssl11.patch +++ /dev/null @@ -1,894 +0,0 @@ -From 9c7a4d7baebfa84c2fa2deff7417871d96f714f2 Mon Sep 17 00:00:00 2001 -From: Christian Heimes <christian@python.org> -Date: Mon, 5 Sep 2016 23:19:05 +0200 -Subject: [PATCH] Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. - -(rebased for 3.4.10) ---- - Lib/ssl.py | 15 ++-- - Lib/test/test_ssl.py | 27 +++--- - Modules/_hashopenssl.c | 167 +++++++++++++++++++++++-------------- - Modules/_ssl.c | 184 +++++++++++++++++++++++++++++++---------- - 4 files changed, 271 insertions(+), 122 deletions(-) - -diff --git a/Lib/ssl.py b/Lib/ssl.py -index 873aa4798b..359809a020 100644 ---- a/Lib/ssl.py -+++ b/Lib/ssl.py -@@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants: - PROTOCOL_SSLv2 - PROTOCOL_SSLv3 - PROTOCOL_SSLv23 -+PROTOCOL_TLS - PROTOCOL_TLSv1 - PROTOCOL_TLSv1_1 - PROTOCOL_TLSv1_2 -@@ -348,13 +349,13 @@ class SSLContext(_SSLContext): - __slots__ = ('protocol', '__weakref__') - _windows_cert_stores = ("CA", "ROOT") - -- def __new__(cls, protocol, *args, **kwargs): -+ def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs): - self = _SSLContext.__new__(cls, protocol) - if protocol != _SSLv2_IF_EXISTS: - self.set_ciphers(_DEFAULT_CIPHERS) - return self - -- def __init__(self, protocol): -+ def __init__(self, protocol=PROTOCOL_TLS): - self.protocol = protocol - - def wrap_socket(self, sock, server_side=False, -@@ -408,7 +409,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, - if not isinstance(purpose, _ASN1Object): - raise TypeError(purpose) - -- context = SSLContext(PROTOCOL_SSLv23) -+ context = SSLContext(PROTOCOL_TLS) - - # SSLv2 considered harmful. - context.options |= OP_NO_SSLv2 -@@ -445,7 +446,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None, - context.load_default_certs(purpose) - return context - --def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None, -+def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None, - check_hostname=False, purpose=Purpose.SERVER_AUTH, - certfile=None, keyfile=None, - cafile=None, capath=None, cadata=None): -@@ -501,7 +502,7 @@ class SSLSocket(socket): - - def __init__(self, sock=None, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None, - suppress_ragged_eofs=True, npn_protocols=None, ciphers=None, -@@ -883,7 +884,7 @@ class SSLSocket(socket): - - def wrap_socket(sock, keyfile=None, certfile=None, - server_side=False, cert_reqs=CERT_NONE, -- ssl_version=PROTOCOL_SSLv23, ca_certs=None, -+ ssl_version=PROTOCOL_TLS, ca_certs=None, - do_handshake_on_connect=True, - suppress_ragged_eofs=True, - ciphers=None): -@@ -930,7 +931,7 @@ def PEM_cert_to_DER_cert(pem_cert_string): - d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] - return base64.decodebytes(d.encode('ASCII', 'strict')) - --def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): -+def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): - """Retrieve the certificate from the server at the specified address, - and return it as a PEM-encoded string. - If 'ca_certs' is specified, validate the server cert against it. -diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py -index e36a309bfa..b663a04aa2 100644 ---- a/Lib/test/test_ssl.py -+++ b/Lib/test/test_ssl.py -@@ -23,6 +23,9 @@ ssl = support.import_module("ssl") - - PROTOCOLS = sorted(ssl._PROTOCOL_NAMES) - HOST = support.HOST -+IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL') -+IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) -+ - - def data_file(*name): - return os.path.join(os.path.dirname(__file__), *name) -@@ -318,9 +321,9 @@ class BasicSocketTests(unittest.TestCase): - self.assertGreaterEqual(status, 0) - self.assertLessEqual(status, 15) - # Version string as returned by {Open,Libre}SSL, the format might change -- if "LibreSSL" in s: -- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)), -- (s, t)) -+ if IS_LIBRESSL: -+ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)), -+ (s, t, hex(n))) - else: - self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), - (s, t)) -@@ -677,7 +680,8 @@ class ContextTests(unittest.TestCase): - def test_constructor(self): - for protocol in PROTOCOLS: - ssl.SSLContext(protocol) -- self.assertRaises(TypeError, ssl.SSLContext) -+ ctx = ssl.SSLContext() -+ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS) - self.assertRaises(ValueError, ssl.SSLContext, -1) - self.assertRaises(ValueError, ssl.SSLContext, 42) - -@@ -698,15 +702,15 @@ class ContextTests(unittest.TestCase): - def test_options(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3, -- ctx.options) -+ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) -+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0): -+ default |= ssl.OP_NO_COMPRESSION -+ self.assertEqual(default, ctx.options) - ctx.options |= ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1, -- ctx.options) -+ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) - if can_clear_options(): -- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1 -- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3, -- ctx.options) -+ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1) -+ self.assertEqual(default, ctx.options) - ctx.options = 0 - # Ubuntu has OP_NO_SSLv3 forced on by default - self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3) -@@ -1042,6 +1046,7 @@ class ContextTests(unittest.TestCase): - self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH') - - @unittest.skipIf(sys.platform == "win32", "not-Windows specific") -+ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars") - def test_load_default_certs_env(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - with support.EnvironmentVarGuard() as env: -diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 5b0a7be12b..86a8950588 100644 ---- a/Modules/_hashopenssl.c -+++ b/Modules/_hashopenssl.c -@@ -20,7 +20,6 @@ - - /* EVP is the preferred interface to hashing in OpenSSL */ - #include <openssl/evp.h> --#include <openssl/hmac.h> - /* We use the object interface to discover what hashes OpenSSL supports. */ - #include <openssl/objects.h> - #include "openssl/err.h" -@@ -31,15 +30,22 @@ - #define HASH_OBJ_CONSTRUCTOR 0 - #endif - --/* Minimum OpenSSL version needed to support sha224 and higher. */ --#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000) --#define _OPENSSL_SUPPORTS_SHA2 -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) -+/* OpenSSL < 1.1.0 */ -+#define EVP_MD_CTX_new EVP_MD_CTX_create -+#define EVP_MD_CTX_free EVP_MD_CTX_destroy -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 0 -+#include <openssl/hmac.h> -+#else -+/* OpenSSL >= 1.1.0 */ -+#define HAS_FAST_PKCS5_PBKDF2_HMAC 1 - #endif - -+ - typedef struct { - PyObject_HEAD - PyObject *name; /* name of this hash algorithm */ -- EVP_MD_CTX ctx; /* OpenSSL message digest context */ -+ EVP_MD_CTX *ctx; /* OpenSSL message digest context */ - #ifdef WITH_THREAD - PyThread_type_lock lock; /* OpenSSL context lock */ - #endif -@@ -51,7 +57,6 @@ static PyTypeObject EVPtype; - - #define DEFINE_CONSTS_FOR_NEW(Name) \ - static PyObject *CONST_ ## Name ## _name_obj = NULL; \ -- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \ - static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL; - - DEFINE_CONSTS_FOR_NEW(md5) -@@ -64,19 +69,57 @@ DEFINE_CONSTS_FOR_NEW(sha512) - #endif - - -+/* LCOV_EXCL_START */ -+static PyObject * -+_setException(PyObject *exc) -+{ -+ unsigned long errcode; -+ const char *lib, *func, *reason; -+ -+ errcode = ERR_peek_last_error(); -+ if (!errcode) { -+ PyErr_SetString(exc, "unknown reasons"); -+ return NULL; -+ } -+ ERR_clear_error(); -+ -+ lib = ERR_lib_error_string(errcode); -+ func = ERR_func_error_string(errcode); -+ reason = ERR_reason_error_string(errcode); -+ -+ if (lib && func) { -+ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -+ } -+ else if (lib) { -+ PyErr_Format(exc, "[%s] %s", lib, reason); -+ } -+ else { -+ PyErr_SetString(exc, reason); -+ } -+ return NULL; -+} -+/* LCOV_EXCL_STOP */ -+ - static EVPobject * - newEVPobject(PyObject *name) - { - EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype); -+ if (retval == NULL) { -+ return NULL; -+ } -+ -+ retval->ctx = EVP_MD_CTX_new(); -+ if (retval->ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } - - /* save the name for .name to return */ -- if (retval != NULL) { -- Py_INCREF(name); -- retval->name = name; -+ Py_INCREF(name); -+ retval->name = name; - #ifdef WITH_THREAD -- retval->lock = NULL; -+ retval->lock = NULL; - #endif -- } - - return retval; - } -@@ -91,7 +134,7 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len) - process = MUNCH_SIZE; - else - process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int); -- EVP_DigestUpdate(&self->ctx, (const void*)cp, process); -+ EVP_DigestUpdate(self->ctx, (const void*)cp, process); - len -= process; - cp += process; - } -@@ -106,16 +149,19 @@ EVP_dealloc(EVPobject *self) - if (self->lock != NULL) - PyThread_free_lock(self->lock); - #endif -- EVP_MD_CTX_cleanup(&self->ctx); -+ EVP_MD_CTX_free(self->ctx); - Py_XDECREF(self->name); - PyObject_Del(self); - } - --static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) -+static int -+locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self) - { -+ int result; - ENTER_HASHLIB(self); -- EVP_MD_CTX_copy(new_ctx_p, &self->ctx); -+ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx); - LEAVE_HASHLIB(self); -+ return result; - } - - /* External methods for a hash object */ -@@ -131,7 +177,9 @@ EVP_copy(EVPobject *self, PyObject *unused) - if ( (newobj = newEVPobject(self->name))==NULL) - return NULL; - -- locked_EVP_MD_CTX_copy(&newobj->ctx, self); -+ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } - return (PyObject *)newobj; - } - -@@ -142,16 +190,24 @@ static PyObject * - EVP_digest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - PyObject *retval; - unsigned int digest_size; - -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - - retval = PyBytes_FromStringAndSize((const char *)digest, digest_size); -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - return retval; - } - -@@ -162,17 +218,25 @@ static PyObject * - EVP_hexdigest(EVPobject *self, PyObject *unused) - { - unsigned char digest[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX temp_ctx; -+ EVP_MD_CTX *temp_ctx; - PyObject *retval; - char *hex_digest; - unsigned int i, j, digest_size; - -+ temp_ctx = EVP_MD_CTX_new(); -+ if (temp_ctx == NULL) { -+ PyErr_NoMemory(); -+ return NULL; -+ } -+ - /* Get the raw (binary) digest value */ -- locked_EVP_MD_CTX_copy(&temp_ctx, self); -- digest_size = EVP_MD_CTX_size(&temp_ctx); -- EVP_DigestFinal(&temp_ctx, digest, NULL); -+ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) { -+ return _setException(PyExc_ValueError); -+ } -+ digest_size = EVP_MD_CTX_size(temp_ctx); -+ EVP_DigestFinal(temp_ctx, digest, NULL); - -- EVP_MD_CTX_cleanup(&temp_ctx); -+ EVP_MD_CTX_free(temp_ctx); - - /* Allocate a new buffer */ - hex_digest = PyMem_Malloc(digest_size * 2 + 1); -@@ -241,7 +305,7 @@ static PyObject * - EVP_get_block_size(EVPobject *self, void *closure) - { - long block_size; -- block_size = EVP_MD_CTX_block_size(&self->ctx); -+ block_size = EVP_MD_CTX_block_size(self->ctx); - return PyLong_FromLong(block_size); - } - -@@ -249,7 +313,7 @@ static PyObject * - EVP_get_digest_size(EVPobject *self, void *closure) - { - long size; -- size = EVP_MD_CTX_size(&self->ctx); -+ size = EVP_MD_CTX_size(self->ctx); - return PyLong_FromLong(size); - } - -@@ -310,7 +374,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds) - PyBuffer_Release(&view); - return -1; - } -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - - self->name = name_obj; - Py_INCREF(self->name); -@@ -407,9 +471,9 @@ EVPnew(PyObject *name_obj, - return NULL; - - if (initial_ctx) { -- EVP_MD_CTX_copy(&self->ctx, initial_ctx); -+ EVP_MD_CTX_copy(self->ctx, initial_ctx); - } else { -- EVP_DigestInit(&self->ctx, digest); -+ EVP_DigestInit(self->ctx, digest); - } - - if (cp && len) { -@@ -475,6 +539,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict) - - #define PY_PBKDF2_HMAC 1 - -+#if !HAS_FAST_PKCS5_PBKDF2_HMAC - /* Improved implementation of PKCS5_PBKDF2_HMAC() - * - * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of -@@ -556,37 +621,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen, - HMAC_CTX_cleanup(&hctx_tpl); - return 1; - } -+#endif - --/* LCOV_EXCL_START */ --static PyObject * --_setException(PyObject *exc) --{ -- unsigned long errcode; -- const char *lib, *func, *reason; -- -- errcode = ERR_peek_last_error(); -- if (!errcode) { -- PyErr_SetString(exc, "unknown reasons"); -- return NULL; -- } -- ERR_clear_error(); -- -- lib = ERR_lib_error_string(errcode); -- func = ERR_func_error_string(errcode); -- reason = ERR_reason_error_string(errcode); -- -- if (lib && func) { -- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); -- } -- else if (lib) { -- PyErr_Format(exc, "[%s] %s", lib, reason); -- } -- else { -- PyErr_SetString(exc, reason); -- } -- return NULL; --} --/* LCOV_EXCL_STOP */ - - PyDoc_STRVAR(pbkdf2_hmac__doc__, - "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\ -@@ -668,10 +704,17 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict) - key = PyBytes_AS_STRING(key_obj); - - Py_BEGIN_ALLOW_THREADS -+#if HAS_FAST_PKCS5_PBKDF2_HMAC -+ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len, -+ (unsigned char *)salt.buf, (int)salt.len, -+ iterations, digest, dklen, -+ (unsigned char *)key); -+#else - retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len, - (unsigned char *)salt.buf, (int)salt.len, - iterations, digest, dklen, - (unsigned char *)key); -+#endif - Py_END_ALLOW_THREADS - - if (!retval) { -@@ -790,7 +833,7 @@ generate_hash_name_list(void) - if (CONST_ ## NAME ## _name_obj == NULL) { \ - CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \ - if (EVP_get_digestbyname(#NAME)) { \ -- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \ -+ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \ - EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \ - } \ - } \ -diff --git a/Modules/_ssl.c b/Modules/_ssl.c -index 0ff9d553e2..512e5f10ce 100644 ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -55,6 +55,14 @@ static PySocketModule_APIObject PySocketModule; - #include <sys/poll.h> - #endif - -+/* Don't warn about deprecated functions */ -+#ifdef __GNUC__ -+#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -+#endif -+#ifdef __clang__ -+#pragma clang diagnostic ignored "-Wdeprecated-declarations" -+#endif -+ - /* Include OpenSSL header files */ - #include "openssl/rsa.h" - #include "openssl/crypto.h" -@@ -90,6 +98,10 @@ struct py_ssl_library_code { - /* Include generated data (error codes) */ - #include "_ssl_data.h" - -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) -+# define OPENSSL_VERSION_1_1 1 -+#endif -+ - /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 - http://www.openssl.org/news/changelog.html - */ -@@ -108,6 +120,80 @@ struct py_ssl_library_code { - # define HAVE_SNI 0 - #endif - -+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation -+# define HAVE_ALPN -+#endif -+ -+#ifndef INVALID_SOCKET /* MS defines this */ -+#define INVALID_SOCKET (-1) -+#endif -+ -+#ifdef OPENSSL_VERSION_1_1 -+/* OpenSSL 1.1.0+ */ -+#ifndef OPENSSL_NO_SSL2 -+#define OPENSSL_NO_SSL2 -+#endif -+#else /* OpenSSL < 1.1.0 */ -+#if defined(WITH_THREAD) -+#define HAVE_OPENSSL_CRYPTO_LOCK -+#endif -+ -+#define TLS_method SSLv23_method -+ -+static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) -+{ -+ return ne->set; -+} -+ -+#ifndef OPENSSL_NO_COMP -+static int COMP_get_type(const COMP_METHOD *meth) -+{ -+ return meth->type; -+} -+ -+static const char *COMP_get_name(const COMP_METHOD *meth) -+{ -+ return meth->name; -+} -+#endif -+ -+static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback; -+} -+ -+static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) -+{ -+ return ctx->default_passwd_callback_userdata; -+} -+ -+static int X509_OBJECT_get_type(X509_OBJECT *x) -+{ -+ return x->type; -+} -+ -+static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) -+{ -+ return x->data.x509; -+} -+ -+static int BIO_up_ref(BIO *b) -+{ -+ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); -+ return 1; -+} -+ -+static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { -+ return store->objs; -+} -+ -+static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) -+{ -+ return store->param; -+} -+#endif /* OpenSSL < 1.1.0 or LibreSSL */ -+ -+ - enum py_ssl_error { - /* these mirror ssl.h */ - PY_SSL_ERROR_NONE, -@@ -138,7 +224,7 @@ enum py_ssl_cert_requirements { - enum py_ssl_version { - PY_SSL_VERSION_SSL2, - PY_SSL_VERSION_SSL3=1, -- PY_SSL_VERSION_SSL23, -+ PY_SSL_VERSION_TLS, - #if HAVE_TLSv1_2 - PY_SSL_VERSION_TLS1, - PY_SSL_VERSION_TLS1_1, -@@ -504,7 +590,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock, - PySSL_BEGIN_ALLOW_THREADS - self->ssl = SSL_new(ctx); - PySSL_END_ALLOW_THREADS -- SSL_set_app_data(self->ssl,self); -+ SSL_set_app_data(self->ssl, self); - SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int)); - mode = SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; - #ifdef SSL_MODE_AUTO_RETRY -@@ -691,7 +777,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname) - - /* check to see if we've gotten to a new RDN */ - if (rdn_level >= 0) { -- if (rdn_level != entry->set) { -+ if (rdn_level != X509_NAME_ENTRY_set(entry)) { - /* yes, new RDN */ - /* add old RDN to DN */ - rdnt = PyList_AsTuple(rdn); -@@ -708,7 +794,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname) - goto fail0; - } - } -- rdn_level = entry->set; -+ rdn_level = X509_NAME_ENTRY_set(entry); - - /* now add this attribute to the current RDN */ - name = X509_NAME_ENTRY_get_object(entry); -@@ -811,18 +897,18 @@ _get_peer_alt_names (X509 *certificate) { - goto fail; - } - -- p = ext->value->data; -+ p = X509_EXTENSION_get_data(ext)->data; - if (method->it) - names = (GENERAL_NAMES*) - (ASN1_item_d2i(NULL, - &p, -- ext->value->length, -+ X509_EXTENSION_get_data(ext)->length, - ASN1_ITEM_ptr(method->it))); - else - names = (GENERAL_NAMES*) - (method->d2i(NULL, - &p, -- ext->value->length)); -+ X509_EXTENSION_get_data(ext)->length)); - - for(j = 0; j < sk_GENERAL_NAME_num(names); j++) { - /* get a rendering of each name in the set of names */ -@@ -1033,13 +1119,11 @@ _get_crl_dp(X509 *certificate) { - int i, j; - PyObject *lst, *res = NULL; - --#if OPENSSL_VERSION_NUMBER < 0x10001000L -- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); --#else -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L - /* Calls x509v3_cache_extensions and sets up crldp */ - X509_check_ca(certificate); -- dps = certificate->crldp; - #endif -+ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL); - - if (dps == NULL) - return Py_None; -@@ -1431,9 +1515,9 @@ static PyObject *PySSL_compression(PySSLSocket *self) { - if (self->ssl == NULL) - Py_RETURN_NONE; - comp_method = SSL_get_current_compression(self->ssl); -- if (comp_method == NULL || comp_method->type == NID_undef) -+ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef) - Py_RETURN_NONE; -- short_name = OBJ_nid2sn(comp_method->type); -+ short_name = COMP_get_name(comp_method); - if (short_name == NULL) - Py_RETURN_NONE; - return PyUnicode_DecodeFSDefault(short_name); -@@ -1981,7 +2065,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) - { - char *kwlist[] = {"protocol", NULL}; - PySSLContext *self; -- int proto_version = PY_SSL_VERSION_SSL23; -+ int proto_version = PY_SSL_VERSION_TLS; - long options; - SSL_CTX *ctx = NULL; - -@@ -2007,8 +2091,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) - else if (proto_version == PY_SSL_VERSION_SSL2) - ctx = SSL_CTX_new(SSLv2_method()); - #endif -- else if (proto_version == PY_SSL_VERSION_SSL23) -- ctx = SSL_CTX_new(SSLv23_method()); -+ else if (proto_version == PY_SSL_VERSION_TLS) -+ ctx = SSL_CTX_new(TLS_method()); - else - proto_version = -1; - PySSL_END_ALLOW_THREADS -@@ -2051,8 +2135,9 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds) - #ifndef OPENSSL_NO_ECDH - /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use - prime256v1 by default. This is Apache mod_ssl's initialization -- policy, so we should be safe. */ --#if defined(SSL_CTX_set_ecdh_auto) -+ policy, so we should be safe. OpenSSL 1.1 has it enabled by default. -+ */ -+#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1) - SSL_CTX_set_ecdh_auto(self->ctx, 1); - #else - { -@@ -2263,10 +2348,12 @@ static PyObject * - get_verify_flags(PySSLContext *self, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long flags; - - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - return PyLong_FromUnsignedLong(flags); - } - -@@ -2274,22 +2361,24 @@ static int - set_verify_flags(PySSLContext *self, PyObject *arg, void *c) - { - X509_STORE *store; -+ X509_VERIFY_PARAM *param; - unsigned long new_flags, flags, set, clear; - - if (!PyArg_Parse(arg, "k", &new_flags)) - return -1; - store = SSL_CTX_get_cert_store(self->ctx); -- flags = X509_VERIFY_PARAM_get_flags(store->param); -+ param = X509_STORE_get0_param(store); -+ flags = X509_VERIFY_PARAM_get_flags(param); - clear = flags & ~new_flags; - set = ~flags & new_flags; - if (clear) { -- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) { -+ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } - } - if (set) { -- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) { -+ if (!X509_VERIFY_PARAM_set_flags(param, set)) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - return -1; - } -@@ -2459,8 +2548,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds) - char *kwlist[] = {"certfile", "keyfile", "password", NULL}; - PyObject *certfile, *keyfile = NULL, *password = NULL; - PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL; -- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback; -- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata; -+ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx); -+ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx); - _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 }; - int r; - -@@ -2591,8 +2680,9 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len, - cert = d2i_X509_bio(biobuf, NULL); - } else { - cert = PEM_read_bio_X509(biobuf, NULL, -- self->ctx->default_passwd_callback, -- self->ctx->default_passwd_callback_userdata); -+ SSL_CTX_get_default_passwd_cb(self->ctx), -+ SSL_CTX_get_default_passwd_cb_userdata(self->ctx) -+ ); - } - if (cert == NULL) { - break; -@@ -3040,25 +3130,24 @@ static PyObject * - cert_store_stats(PySSLContext *self) - { - X509_STORE *store; -+ STACK_OF(X509_OBJECT) *objs; - X509_OBJECT *obj; -- int x509 = 0, crl = 0, pkey = 0, ca = 0, i; -+ int x509 = 0, crl = 0, ca = 0, i; - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -- obj = sk_X509_OBJECT_value(store->objs, i); -- switch (obj->type) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ switch (X509_OBJECT_get_type(obj)) { - case X509_LU_X509: - x509++; -- if (X509_check_ca(obj->data.x509)) { -+ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) { - ca++; - } - break; - case X509_LU_CRL: - crl++; - break; -- case X509_LU_PKEY: -- pkey++; -- break; - default: - /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. - * As far as I can tell they are internal states and never -@@ -3083,6 +3172,7 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) - { - char *kwlist[] = {"binary_form", NULL}; - X509_STORE *store; -+ STACK_OF(X509_OBJECT) *objs; - PyObject *ci = NULL, *rlist = NULL; - int i; - int binary_mode = 0; -@@ -3097,17 +3187,18 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) - } - - store = SSL_CTX_get_cert_store(self->ctx); -- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) { -+ objs = X509_STORE_get0_objects(store); -+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { - X509_OBJECT *obj; - X509 *cert; - -- obj = sk_X509_OBJECT_value(store->objs, i); -- if (obj->type != X509_LU_X509) { -+ obj = sk_X509_OBJECT_value(objs, i); -+ if (X509_OBJECT_get_type(obj) != X509_LU_X509) { - /* not a x509 cert */ - continue; - } - /* CA for any purpose */ -- cert = obj->data.x509; -+ cert = X509_OBJECT_get0_X509(obj); - if (!X509_check_ca(cert)) { - continue; - } -@@ -3780,10 +3871,12 @@ static PyMethodDef PySSL_methods[] = { - }; - - --#ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - - /* an implementation of OpenSSL threading operations in terms -- of the Python C thread library */ -+ * of the Python C thread library -+ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code. -+ */ - - static PyThread_type_lock *_ssl_locks = NULL; - -@@ -3864,7 +3957,7 @@ static int _setup_ssl_threads(void) { - return 1; - } - --#endif /* def HAVE_THREAD */ -+#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */ - - PyDoc_STRVAR(module_doc, - "Implementation module for SSL socket operations. See the socket module\n\ -@@ -3931,11 +4024,16 @@ PyInit__ssl(void) - SSL_load_error_strings(); - SSL_library_init(); - #ifdef WITH_THREAD -+#ifdef HAVE_OPENSSL_CRYPTO_LOCK - /* note that this will start threading if not already started */ - if (!_setup_ssl_threads()) { - return NULL; - } -+#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS) -+ /* OpenSSL 1.1.0 builtin thread support is enabled */ -+ _ssl_locks_count++; - #endif -+#endif /* WITH_THREAD */ - OpenSSL_add_all_algorithms(); - - /* Add symbols to module dict */ -@@ -4079,7 +4177,9 @@ PyInit__ssl(void) - PY_SSL_VERSION_SSL3); - #endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", -- PY_SSL_VERSION_SSL23); -+ PY_SSL_VERSION_TLS); -+ PyModule_AddIntConstant(m, "PROTOCOL_TLS", -+ PY_SSL_VERSION_TLS); - PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", - PY_SSL_VERSION_TLS1); - #if HAVE_TLSv1_2 --- -2.24.0 - diff --git a/dev-lang/python/files/python-3.4.5-cross.patch b/dev-lang/python/files/python-3.4.5-cross.patch deleted file mode 100644 index 7a016ff..0000000 --- a/dev-lang/python/files/python-3.4.5-cross.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Lib/distutils/command/build_ext.py -+++ b/Lib/distutils/command/build_ext.py -@@ -729,7 +729,7 @@ - if sysconfig.get_config_var('Py_ENABLE_SHARED'): - pythonlib = 'python{}.{}{}'.format( - sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff, -- sys.abiflags) -+ sysconfig.get_config_var('ABIFLAGS')) - return ext.libraries + [pythonlib] - else: - return ext.libraries diff --git a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch deleted file mode 100644 index 7861bfb..0000000 --- a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0d17e60b33aca1a4d151a8a2bd6eaa331f0ec658 Mon Sep 17 00:00:00 2001 -From: Rolf Eike Beer <eike@sf-mail.de> -Date: Sun, 13 May 2018 04:40:03 -0700 -Subject: [PATCH] bpo-28055: Fix unaligned accesses in siphash24(). (GH-6123) - -The hash implementation casts the input pointer to uint64_t* and directly reads -from this, which may cause unaligned accesses. Use memcpy() instead so this code -will not crash with SIGBUS on sparc. - ---- a/Python/pyhash.c 2017-11-29 10:21:20.283094068 +0100 -+++ b/Python/pyhash.c 2017-11-29 10:24:26.733087813 +0100 -@@ -372,7 +372,7 @@ siphash24(const void *src, Py_ssize_t sr - PY_UINT64_T k0 = _le64toh(_Py_HashSecret.siphash.k0); - PY_UINT64_T k1 = _le64toh(_Py_HashSecret.siphash.k1); - PY_UINT64_T b = (PY_UINT64_T)src_sz << 56; -- const PY_UINT64_T *in = (PY_UINT64_T*)src; -+ const PY_UINT8_T *in = (PY_UINT8_T*)src; - - PY_UINT64_T v0 = k0 ^ 0x736f6d6570736575ULL; - PY_UINT64_T v1 = k1 ^ 0x646f72616e646f6dULL; -@@ -381,12 +381,14 @@ siphash24(const void *src, Py_ssize_t sr - - PY_UINT64_T t; - PY_UINT8_T *pt; -- PY_UINT8_T *m; -+ const PY_UINT8_T *m; - - while (src_sz >= 8) { -- PY_UINT64_T mi = _le64toh(*in); -- in += 1; -- src_sz -= 8; -+ PY_UINT64_T mi; -+ memcpy(&mi, in, sizeof(mi)); -+ mi = _le64toh(mi); -+ in += sizeof(mi); -+ src_sz -= sizeof(mi); - v3 ^= mi; - DOUBLE_ROUND(v0,v1,v2,v3); - v0 ^= mi; -@@ -394,7 +396,7 @@ siphash24(const void *src, Py_ssize_t sr - - t = 0; - pt = (PY_UINT8_T *)&t; -- m = (PY_UINT8_T *)in; -+ m = in; - switch (src_sz) { - case 7: pt[6] = m[6]; - case 6: pt[5] = m[5]; diff --git a/dev-lang/python/python-3.4.10.ebuild b/dev-lang/python/python-3.4.10.ebuild index 10d6002..69ebe37 100644 --- a/dev-lang/python/python-3.4.10.ebuild +++ b/dev-lang/python/python-3.4.10.ebuild @@ -1,85 +1,72 @@ # Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="5" +EAPI="7" WANT_LIBTOOL="none" -inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing +inherit autotools flag-o-matic pax-utils python-utils-r1 toolchain-funcs -MY_P="Python-${PV/_/}" -PATCHSET_VERSION="3.4.6-0" +MY_P="Python-${PV}" +PYVER=$(ver_cut 1-2) +PATCHSET="python-gentoo-patches-3.4.10" DESCRIPTION="An interpreted, interactive, object-oriented programming language" HOMEPAGE="https://www.python.org/" -SRC_URI="https://www.python.org/ftp/python/${PV%_rc*}/${MY_P}.tar.xz - https://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PATCHSET_VERSION}.tar.xz" +SRC_URI="https://www.python.org/ftp/python/${PV}/${MY_P}.tar.xz + https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz" +S="${WORKDIR}/${MY_P}" LICENSE="PSF-2" -SLOT="3.4/3.4m" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd" -IUSE="bluetooth build elibc_uclibc examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml" +SLOT="${PYVER}/${PYVER}m" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="bluetooth build examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml" # Do not add a dependency on dev-lang/python to this ebuild. # If you need to apply a patch which requires python for bootstrapping, please # run the bootstrap code on your dev box and include the results in the # patchset. See bug 447752. -RDEPEND="app-arch/bzip2:0= - app-arch/xz-utils:0= - >=sys-libs/zlib-1.1.3:0= +RDEPEND="app-arch/bzip2:= + app-arch/xz-utils:= + >=sys-libs/zlib-1.1.3:= virtual/libffi:= virtual/libintl - gdbm? ( sys-libs/gdbm:0=[berkdb] ) + gdbm? ( sys-libs/gdbm:=[berkdb] ) ncurses? ( - >=sys-libs/ncurses-5.2:0= - readline? ( >=sys-libs/readline-4.1:0= ) + >=sys-libs/ncurses-5.2:= + readline? ( >=sys-libs/readline-4.1:= ) ) sqlite? ( >=dev-db/sqlite-3.3.8:3= ) ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) + !libressl? ( dev-libs/openssl:= ) + libressl? ( dev-libs/libressl:= ) ) tk? ( - >=dev-lang/tcl-8.0:0= - >=dev-lang/tk-8.0:0= - dev-tcltk/blt:0= + >=dev-lang/tcl-8.0:= + >=dev-lang/tk-8.0:= + dev-tcltk/blt:= dev-tcltk/tix ) - xml? ( >=dev-libs/expat-2.1:0= ) - !!<sys-apps/sandbox-2.6-r1" + xml? ( >=dev-libs/expat-2.1:= )" # bluetooth requires headers from bluez DEPEND="${RDEPEND} bluetooth? ( net-wireless/bluez ) virtual/pkgconfig - >=sys-devel/autoconf-2.65 !sys-devel/gcc[libffi(-)]" RDEPEND+=" !build? ( app-misc/mime-types )" PDEPEND=">=app-eselect/eselect-python-20140125-r1" -S="${WORKDIR}/${MY_P}" - -PYVER=${SLOT%/*} - src_prepare() { # Ensure that internal copies of expat, libffi and zlib are not used. - rm -fr Modules/expat - rm -fr Modules/_ctypes/libffi* - rm -fr Modules/zlib + rm -fr Modules/expat || die + rm -fr Modules/_ctypes/libffi* || die + rm -fr Modules/zlib || die - if tc-is-cross-compiler; then - # Invokes BUILDPYTHON, which is built for the host arch - local EPATCH_EXCLUDE="*_regenerate_platform-specific_modules.patch" - fi - - EPATCH_SUFFIX="patch" epatch "${WORKDIR}/patches" - epatch "${FILESDIR}/${PN}-3.4.3-ncurses-pkg-config.patch" - epatch "${FILESDIR}/${PN}-3.4.5-cross.patch" - epatch "${FILESDIR}/3.4-getentropy-linux.patch" - epatch "${FILESDIR}/3.6-disable-nis.patch" - epatch "${FILESDIR}/python-3.5.5-hash-unaligned.patch" - epatch "${FILESDIR}/python-3.4.10-openssl11.patch" + local PATCHES=( + "${WORKDIR}/${PATCHSET}" + ) - epatch_user + default sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \ configure.ac \ @@ -100,13 +87,13 @@ src_configure() { local disable # disable automagic bluetooth headers detection use bluetooth || export ac_cv_header_bluetooth_bluetooth_h=no - use gdbm || disable+=" gdbm" - use ncurses || disable+=" _curses _curses_panel" - use readline || disable+=" readline" - use sqlite || disable+=" _sqlite3" - use ssl || export PYTHON_DISABLE_SSL="1" - use tk || disable+=" _tkinter" - use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat. + use gdbm || disable+=" gdbm" + use ncurses || disable+=" _curses _curses_panel" + use readline || disable+=" readline" + use sqlite || disable+=" _sqlite3" + use ssl || export PYTHON_DISABLE_SSL="1" + use tk || disable+=" _tkinter" + use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat. export PYTHON_DISABLE_MODULES="${disable}" if ! use xml; then @@ -148,25 +135,23 @@ src_configure() { dbmliborder+="${dbmliborder:+:}gdbm" fi - BUILD_DIR="${WORKDIR}/${CHOST}" - mkdir -p "${BUILD_DIR}" || die - cd "${BUILD_DIR}" || die - - ECONF_SOURCE="${S}" OPT="" \ - econf \ - --with-fpectl \ - --enable-shared \ - $(use_enable ipv6) \ - $(use_with threads) \ - --infodir='${prefix}/share/info' \ - --mandir='${prefix}/share/man' \ - --with-computed-gotos \ - --with-dbmliborder="${dbmliborder}" \ - --with-libc="" \ - --enable-loadable-sqlite-extensions \ - --with-system-expat \ - --with-system-ffi \ + local myeconfargs=( + --with-fpectl + --enable-shared + $(use_enable ipv6) + $(use_with threads) + --infodir='${prefix}/share/info' + --mandir='${prefix}/share/man' + --with-computed-gotos + --with-dbmliborder="${dbmliborder}" + --with-libc= + --enable-loadable-sqlite-extensions --without-ensurepip + --with-system-expat + --with-system-ffi + ) + + OPT="" econf "${myeconfargs[@]}" if use threads && grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then eerror "configure has detected that the sem_open function is broken." @@ -180,11 +165,6 @@ src_compile() { # https://bugs.gentoo.org/594768 local -x LC_ALL=C - # Avoid invoking pgen for cross-compiles. - touch Include/graminit.h Python/graminit.c || die - - cd "${BUILD_DIR}" || die - emake CPPFLAGS= CFLAGS= LDFLAGS= # Work around bug 329499. See also bug 413751 and 457194. @@ -202,8 +182,6 @@ src_test() { return fi - cd "${BUILD_DIR}" || die - # Skip failing tests. local skipped_tests="gdb" @@ -211,7 +189,11 @@ src_test() { mv "${S}"/Lib/test/test_${test}.py "${T}" done + # bug 660358 + local -x COLUMNS=80 + local -x PYTHONDONTWRITEBYTECODE= + emake test EXTRATESTOPTS="-u-network" CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty local result=$? @@ -236,23 +218,24 @@ src_test() { src_install() { local libdir=${ED}/usr/$(get_libdir)/python${PYVER} - cd "${BUILD_DIR}" || die - emake DESTDIR="${D}" altinstall + # Remove static library + rm "${ED}"/usr/$(get_libdir)/libpython*.a || die + sed \ -e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \ -e "s/\(PY_LDFLAGS=\).*/\1/" \ -i "${libdir}/config-${PYVER}"*/Makefile || die "sed failed" # Fix collisions between different slots of Python. - rm -f "${ED}usr/$(get_libdir)/libpython3.so" + rm "${ED}/usr/$(get_libdir)/libpython3.so" || die # Cheap hack to get version with ABIFLAGS - local abiver=$(cd "${ED}usr/include"; echo python*) + local abiver=$(cd "${ED}/usr/include"; echo python*) if [[ ${abiver} != python${PYVER} ]]; then # Replace python3.X with a symlink to python3.Xm - rm "${ED}usr/bin/python${PYVER}" || die + rm "${ED}/usr/bin/python${PYVER}" || die dosym "${abiver}" "/usr/bin/python${PYVER}" # Create python3.X-config symlink dosym "${abiver}-config" "/usr/bin/python${PYVER}-config" @@ -260,19 +243,18 @@ src_install() { dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc" fi - use elibc_uclibc && rm -fr "${libdir}/test" - use sqlite || rm -fr "${libdir}/"{sqlite3,test/test_sqlite*} - use tk || rm -fr "${ED}usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} + use sqlite || rm -r "${libdir}/"{sqlite3,test/test_sqlite*} || die + use tk || rm -r "${ED}/usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*} || die - use threads || rm -fr "${libdir}/multiprocessing" - use wininst || rm -f "${libdir}/distutils/command/"wininst-*.exe + use threads || rm -r "${libdir}/multiprocessing" || die + use wininst || rm "${libdir}/distutils/command/"wininst-*.exe || die - dodoc "${S}"/Misc/{ACKS,HISTORY,NEWS} + dodoc Misc/{ACKS,HISTORY,NEWS} if use examples; then - insinto /usr/share/doc/${PF}/examples - find "${S}"/Tools -name __pycache__ -print0 | xargs -0 rm -fr - doins -r "${S}"/Tools + docinto examples + find Tools -name __pycache__ -exec rm -fr {} + || die + dodoc -r Tools fi insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510 local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \ @@ -284,7 +266,8 @@ src_install() { sed \ -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \ -e "s:@PYDOC@:pydoc${PYVER}:" \ - -i "${ED}etc/conf.d/pydoc-${PYVER}" "${ED}etc/init.d/pydoc-${PYVER}" || die "sed failed" + -i "${ED}/etc/conf.d/pydoc-${PYVER}" \ + "${ED}/etc/init.d/pydoc-${PYVER}" || die "sed failed" # for python-exec local vars=( EPYTHON PYTHON_SITEDIR PYTHON_SCRIPTDIR ) @@ -307,8 +290,7 @@ src_install() { # python and pythonX ln -s "../../../bin/${abiver}" \ "${D}${PYTHON_SCRIPTDIR}/python${pymajor}" || die - ln -s "python${pymajor}" \ - "${D}${PYTHON_SCRIPTDIR}/python" || die + ln -s "python${pymajor}" "${D}${PYTHON_SCRIPTDIR}/python" || die # python-config and pythonX-config # note: we need to create a wrapper rather than symlinking it due # to some random dirname(argv[0]) magic performed by python-config @@ -340,11 +322,14 @@ pkg_preinst() { } eselect_python_update() { - if [[ -z "$(eselect python show)" || ! -f "${EROOT}usr/bin/$(eselect python show)" ]]; then + if [[ -z "$(eselect python show)" || \ + ! -f "${EROOT}/usr/bin/$(eselect python show)" ]]; then eselect python update fi - if [[ -z "$(eselect python show --python${PV%%.*})" || ! -f "${EROOT}usr/bin/$(eselect python show --python${PV%%.*})" ]]; then + if [[ -z "$(eselect python show --python${PV%%.*})" || \ + ! -f "${EROOT}/usr/bin/$(eselect python show --python${PV%%.*})" ]] + then eselect python update --python${PV%%.*} fi } |